Description
This affects all versions of the package rollup-plugin-dev-server. The readFileFromContentBase function performs no path sanitization before its readFile operation.
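The missing check, sketched as an added example (not code from rollup-plugin-dev-server or from the advisory): a content-base resolver that rejects any request path resolving outside the served directory. The function names, the `/srv/site/dist` base and the sample request paths are assumptions constructed for illustration.

```javascript
'use strict';
const path = require('path');

// Unsafe pattern for contrast (hypothetical helper, not the plugin's source):
// the request path is joined onto the base with no containment check.
function unsafeResolve(contentBase, requestPath) {
  return path.join(contentBase, requestPath);
}

// Hardened pattern: decode, resolve, then verify the result is still under the base.
// Returns the absolute path to read, or null if the request must be rejected.
function resolveInsideBase(contentBase, requestPath) {
  let decoded;
  try {
    decoded = decodeURIComponent(requestPath);
  } catch (err) {
    return null; // malformed percent-encoding
  }
  if (decoded.includes('\0')) return null; // NUL bytes never belong in a file path

  const base = path.resolve(contentBase);
  // Prefix with '.' so an absolute-looking request stays relative to the base.
  const target = path.resolve(base, '.' + path.sep + decoded);
  // Compare with path.relative rather than a string prefix test, so a sibling
  // directory such as "<base>-private" is not mistaken for the base itself.
  const rel = path.relative(base, target);
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    return null;
  }
  // Symlinks are not resolved here; compare fs.realpath results as well if the
  // served directory may contain links.
  return target;
}

// Constructed sample requests against a constructed base directory.
const BASE = '/srv/site/dist';
const SAMPLES = [
  '/index.html',
  '/assets/../index.html',
  '/../private/notes.txt',
  '/%2e%2e/private/notes.txt',
  '/../dist-private/notes.txt',
];

function checkSamples() {
  return SAMPLES.map((p) => resolveInsideBase(BASE, p));
}
```

A dev server would call `resolveInsideBase` before any read and answer with a 403 or 404 when it returns null.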
Remediation
References
https://snyk.io/vuln/SNYK-JS-ROLLUPPLUGINDEVSERVER-590124